Remove owner role assignments from live test ARM templates (Azure#24141)

benbp · azabbasi · web-flow · commit 028298488c2a · 2021-09-22T11:06:46.000-07:00
* Remove owner role assignment from time series insights ARM template

* Remove owner role assignment from digital twins ARM template

* Remove owner role assignment from iot ARM template

* Remove rbac owner assignment from TSI in the bicep file

Co-authored-by: Azad Abbasi &lt;azabbasi@microsoft.com&gt;
diff --git a/sdk/digitaltwins/test-resources.bicep b/sdk/digitaltwins/test-resources.bicep
@@ -9,17 +9,8 @@ param baseName string = resourceGroup().name
 @description('The location of the resource. By default, this is the same as the resource group.')
 param location string = resourceGroup().location
 
-var rbacOwnerRoleDefinitionId = '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635'
 var adtOwnerRoleDefinitionId = '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/bcd981a7-7f74-457b-83e1-cceb9e632ffe'
 
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2018-09-01-preview' = {
-    name: guid(resourceGroup().id)
-    properties: {
-        roleDefinitionId: rbacOwnerRoleDefinitionId
-        principalId: testApplicationOid
-    }
-}
-
 resource digitaltwin 'Microsoft.DigitalTwins/digitalTwinsInstances@2020-03-01-preview' = {
     name: baseName
     location: location
diff --git a/sdk/digitaltwins/test-resources.json b/sdk/digitaltwins/test-resources.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.4.63.48766",
-      "templateHash": "14469093771711807520"
+      "templateHash": "7080001263714194046"
     }
   },
   "parameters": {
@@ -34,19 +34,9 @@
   },
   "functions": [],
   "variables": {
-    "rbacOwnerRoleDefinitionId": "[format('/subscriptions/{0}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635', subscription().subscriptionId)]",
     "adtOwnerRoleDefinitionId": "[format('/subscriptions/{0}/providers/Microsoft.Authorization/roleDefinitions/bcd981a7-7f74-457b-83e1-cceb9e632ffe', subscription().subscriptionId)]"
   },
   "resources": [
-    {
-      "type": "Microsoft.Authorization/roleAssignments",
-      "apiVersion": "2018-09-01-preview",
-      "name": "[guid(resourceGroup().id)]",
-      "properties": {
-        "roleDefinitionId": "[variables('rbacOwnerRoleDefinitionId')]",
-        "principalId": "[parameters('testApplicationOid')]"
-      }
-    },
     {
       "type": "Microsoft.DigitalTwins/digitalTwinsInstances",
       "apiVersion": "2020-03-01-preview",
diff --git a/sdk/iot/test-resources.json b/sdk/iot/test-resources.json
@@ -46,7 +46,6 @@
     },
     "variables": {
         "iotHubResourceId": "[resourceId('Microsoft.Devices/IotHubs', parameters('baseName'))]",
-        "rbacOwnerRoleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
         "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
         "serviceSasProperties": {
           "canonicalizedResource": "[concat('/blob/', parameters('storageAccountName'),'/',parameters('blobContainerName'))]",
@@ -58,15 +57,6 @@
       }
     },
     "resources": [
-        {
-            "type": "Microsoft.Authorization/roleAssignments",
-            "apiVersion": "2018-09-01-preview",
-            "name": "[guid(resourceGroup().id)]",
-            "properties": {
-              "roleDefinitionId": "[variables('rbacOwnerRoleDefinitionId')]",
-              "principalId": "[parameters('testApplicationOid')]"
-            }
-        },
         {
             "type": "Microsoft.Devices/IotHubs",
             "apiVersion": "2020-03-01",
@@ -138,4 +128,4 @@
           "value": "[concat('https://',parameters('storageAccountName'),'.blob.core.windows.net/',parameters('blobContainerName'),'?',listServiceSas(variables('storageAccountId'), '2018-07-01', variables('serviceSasProperties')).serviceSasToken)]"
         }
     }
-}
+}
diff --git a/sdk/timeseriesinsights/test-resources.bicep b/sdk/timeseriesinsights/test-resources.bicep
@@ -45,18 +45,9 @@ param eventSourceTimestampPropertyName string = '${eventSourceName}TimestampProp
 @description('The name of the shared access key that the Time Series Insights service will use to connect to the event hub.')
 param eventSourceKeyName string = 'service'
 
-var rbacOwnerRoleDefinitionId = '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635'
 var storageAccountName = 'tsi${uniqueString(az.resourceGroup().id)}'
 var eventSourceResourceId = resourceId(resourceGroup, 'Microsoft.Devices/IotHubs', iotHubName)
 
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2018-09-01-preview' = {
-    name: guid(az.resourceGroup().id)
-    properties: {
-        roleDefinitionId: rbacOwnerRoleDefinitionId
-        principalId: testApplicationOid
-    }
-}
-
 resource iotHub 'Microsoft.Devices/IotHubs@2020-03-01' = {
     name: iotHubName
     location: region
diff --git a/sdk/timeseriesinsights/test-resources.json b/sdk/timeseriesinsights/test-resources.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.4.63.48766",
-      "templateHash": "7074975851172708714"
+      "templateHash": "3831110767816828197"
     }
   },
   "parameters": {
@@ -98,21 +98,11 @@
   },
   "functions": [],
   "variables": {
-    "rbacOwnerRoleDefinitionId": "[format('/subscriptions/{0}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635', subscription().subscriptionId)]",
     "storageAccountName": "[format('tsi{0}', uniqueString(resourceGroup().id))]",
     "eventSourceResourceId": "[resourceId(parameters('resourceGroup'), 'Microsoft.Devices/IotHubs', parameters('iotHubName'))]",
     "hubKeysId": "[resourceId('Microsoft.Devices/IotHubs/Iothubkeys', parameters('iotHubName'), 'iothubowner')]"
   },
   "resources": [
-    {
-      "type": "Microsoft.Authorization/roleAssignments",
-      "apiVersion": "2018-09-01-preview",
-      "name": "[guid(resourceGroup().id)]",
-      "properties": {
-        "roleDefinitionId": "[variables('rbacOwnerRoleDefinitionId')]",
-        "principalId": "[parameters('testApplicationOid')]"
-      }
-    },
     {
       "type": "Microsoft.Devices/IotHubs",
       "apiVersion": "2020-03-01",
